A few years ago, I sat in the back of a room of the Central Alabama ISSA regular meeting listening to a conversation on “The Cloud”. At the time, the buzz was just beginning. No one really knew what the cloud was, what it was trying to solve, and why it was making it to the cover of various trade magazines.
The debate was heated, but the result was very strong that the cloud was just marketing buzz and that adoption was not going to happen. There was no way to meet compliance in the cloud, and there was no option for a PCI cloud.
Last month, I gave a talk to that same chapter. The conversation was on “Cloud Attacks” and how we are now seeing more and more attacks on cloud vendors and partners. Plus, we are seeing cloud vendors invest in more and advanced security controls. The result, is that some clouds are becoming high-value targets, yet they are also deploying advanced security controls, some of which are out of budget for a smaller company attempting to roll a non-cloud solution. Before I jumped too far in to my presentation, I noticed the tone had changed since the last time I was talking to this crowd.
People were listening. Some were taking notes. Some were preparing to attack me as soon as I opened the floor for questions. While I’d love to think this was all due to the content or maybe even my delivery, I’m much more realistic to the fact that cloud adoption is here and strong.
While talking with the participants, I was very surprised to hear banks and financial institutions already sending e-mail to the cloud, and some considering sending batch processing to the cloud. While security is still a concern, they are realizing that with the increasing cost of having to support a data center, and the pain of having to fight for capital expenditures, it makes sense to consider passing that to a cloud provider.
We (security practitioners, customers, and vendors) have a long way to go, but it is interesting what a difference a few years make in terms of where we are with the conversation, and where we are headed.
{ 1 comment… read it below or add one }
No doubt cloud is future but at the same time there needs to be an extremely well understanding of the fact that the services delivered from a potentially unprotected area (for example South Asian region – no biasing) may impact the business. A data center may be an expensive choice and complicated to maintain but I believe a better grasp of own business and IT roadmap, may direct to the usage of both, cloud and non-cloud services in tandem for quite some time in future.